Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Privilege Elevation in an MVC3 web application with Windows authentication

I have a requirement to implement user privilege elevation in an MVC3 web app, for both Forms and Windows authentication, but this question is critical for Windows auth. This is for a higher privileged user to give assistance to a lower privileged user, e.g. when a clerical user is performing a task and requires an admin user to do a task before the clerical user can continue, the admin user should be able to elevate the same session to their privilege level, perform the admin task, and restore the lower privilege to the session. I don't see a way here without the clerical user logging off and the admin user logging on, given that we want to achieve this on the desktop of the clerical user alone. Maybe user switching is tidier than a whole new session, but I would very much like a "run as" equivalent for Windows authenticated web apps.

Is this even possible, and if so, how can I achieve this? I have no idea where to even begin looking.

like image 281
ProfK Avatar asked May 26 '12 09:05

ProfK


1 Answers

Allow the "power user" to temporary set a specific role for other users and for example setting also an expiration of the role with a DateTime.

like image 78
Matteo Migliore Avatar answered Sep 30 '22 17:09

Matteo Migliore